Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
I am not sure if certain executables have been altered on my server. Is there a way to get apt-get to validate (using MD5?) files to show which have been altered since package installation?
Why do you want to do this? If you're concerned about someone hacking in and replacing system binaries with malicious ones, I suggest starting with chkrootkit and rkhunter. If you have reason to believe that someone has hacked in, you should disconnect it from the network, boot it from a live CD and run some rootkit checks from the CD, since a clever enough rootkit can also subvert rootkit checks on the installed system.
I am not sure if certain executables have been altered on my server. Is there a way to get apt-get to validate (using MD5?) files to show which have been altered since package installation?
Thanks
Leapy
Try debsums.
Code:
apt-cache show debsums
Package: debsums
Priority: optional
Section: admin
Installed-Size: 88
Maintainer: Brendan O'Dea <bod@debian.org>
Architecture: all
Version: 2.0.32
Depends: perl (>= 5.8.0-3), debconf (>= 0.5) | debconf-2.0
Filename: pool/main/d/debsums/debsums_2.0.32_all.deb
Size: 30868
MD5sum: dac5a673dca3cb787bfe0478857c58fa
SHA1: 7da1d063d7d417f7df3a2cf27df14f3e455ef2b8
SHA256: bd7347453a793561ea24829a4906cf6a073658d038947a2f9a45c874cd2defaa
Description: Verify installed package files against MD5 checksums.
debsums can verify the integrity of installed package files against
MD5 checksums installed by the package, or generated from a .deb
archive.
Tag: admin::package-management, role::program, security::integrity, suite::debian, works-with::software:package
Correct me if I got this wrong but I thought debsums ties in with apt as a post-invoke? Meaning that if you install it can only hash whatever comes next. (Meaning it's limited in what it can accomplish) Another way would be to do an off-line install, then install, configure and run Aide or Samhain and then copy the config and database to readonly media.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
